26 matches found
EUVD-2021-0799
Malware in sbrugna...
EUVD-2022-1546
Malicious code in bioql PyPI...
CVE-2019-10792
bodymen before 1.1.1 is vulnerable to Prototype Pollution. The handler function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload...
Prototype Pollution
bodymen is vulnerable to prototype pollution. The vulnerability exists in the handler function in index.js because the properties of Object.prototype are not properly handled, which allows an attacker to inject properties into existing construct prototypes and modify attributes by sending a __proto__ payload...
Prototype Pollution in bodymen
The package bodymen from 0.0.0 is vulnerable to Prototype Pollution via the handler function which could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. Note: This vulnerability derives from an incomplete fix to CVE-2019-10792...
generator-rest (=0.2.0), nodejsamazingenerator (>=1.0.0 <=1.70.60-stable) potentially affected by CVE-2022-25296 via bodymen (=1.1.1)
bodymen NPM version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on bodymen and may be impacted: - generator-rest =0.2.0 - nodejsamazingenerator =1.0.0, =1.70.60-stable Source cves: CVE-2022-25296 Source advisory: OSV:GHSA-VHXC-FHM5-QCP9...
GHSA-VHXC-FHM5-QCP9 Prototype Pollution in bodymen
The package bodymen from 0.0.0 is vulnerable to Prototype Pollution via the handler function which could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. Note: This vulnerability derives from an incomplete fix to CVE-2019-10792...
CVE-2022-25296
The package bodymen from 0.0.0 is vulnerable to Prototype Pollution via the handler function which could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. Note: This vulnerability derives from an incomplete fix to CVE-2019-10792...
CVE-2022-25296
The package bodymen from 0.0.0 is vulnerable to Prototype Pollution via the handler function which could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. Note: This vulnerability derives from an incomplete fix to CVE-2019-10792...
Design/Logic Flaw
The package bodymen from 0.0.0 is vulnerable to Prototype Pollution via the handler function which could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. Note: This vulnerability derives from an incomplete fix to CVE-2019-10792...
CVE-2022-25296 Prototype Pollution
The package bodymen from 0.0.0 is vulnerable to Prototype Pollution via the handler function which could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. Note: This vulnerability derives from an incomplete fix to CVE-2019-10792...
CVE-2022-25296
The CVE-2022-25296 entry concerns the npm package bodymen. Multiple trusted sources (GHSA and OSV entries) describe a Prototype Pollution flaw in bodymen, where the handler can be tricked into adding or modifying properties on Object.prototype via a __proto__ payload. The vulnerability is tied to an ...
CVE-2022-25296
The package bodymen from 0.0.0 is vulnerable to Prototype Pollution via the handler function which could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. Note: This vulnerability derives from an incomplete fix to CVE-2019-10792...
bodymen Security Vulnerability
bodymen is a body parser middleware for MongoDB, Express and Nodejs MEN. bodymen suffers from a security vulnerability that stems from the susceptibility of handler functions to prototype contamination. An attacker can exploit the vulnerability to add or modify properties of Object.prototype usin...
generator-rest (=0.2.0), nodejsamazingenerator (>=1.0.0 <=1.70.60-stable) potentially affected by CVE-2019-10792 +1 more via bodymen (=1.1.1)
bodymen NPM version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on bodymen and may be impacted: - generator-rest =0.2.0 - nodejsamazingenerator =1.0.0, =1.70.60-stable Source cves: CVE-2019-10792, CVE-2022-25296 Source advisory:...
Prototype Pollution
Overview bodymen is a Body parser middleware for MongoDB, Express and Nodejs. Affected versions of this package are vulnerable to Prototype Pollution via the handler function which could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. Note: This...
Injection in bodymen
bodymen before 1.1.1 is vulnerable to Prototype Pollution. The handler function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload...
GHSA-8H84-8J4F-P97Q Injection in bodymen
bodymen before 1.1.1 is vulnerable to Prototype Pollution. The handler function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload...
Bodymen Access Control Error Vulnerability
bodymen is a body parser middleware for MongoDB, Express and Nodejs MEN. A security vulnerability exists in bodymen versions prior to 1.1.1. An attacker can exploit the vulnerability to add or modify Object.prototype properties with the help of the 'handler' parameter...
Prototype Pollution
bodymen is vulnerable to prototype pollution. The vulnerability exists because the handler function accepts a __proto__ payload, allowing the adding or modifying of properties of Object.prototype...